Singtel's third-party vendor's file-sharing system, called FTA, has been hacked.

The incident occurred in mid-December 2020 and continued into January 2021.

Attacked by unidentified hackers

The telecommunications company said in a statement that the third-party vendor is Accellion, a private cloud solutions company focused on secure file sharing and collaboration.

The file-sharing system was illegally attacked by unidentified hackers, said Singtel.

Singtel uses the standalone system to share information internally as well as with external stakeholders.

This incident, said Singtel, is part of a "wider concerted attack" against users of its file-sharing system.

In its own statement, Accellion stated that FTA is a 20-year-old product "nearing end-of life", and was the target of a "sophisticated cyber attack".

Accellion also said that all vulnerabilities are limited exclusively to FTA.

Investigations ongoing

Singtel has since suspended all use of the system and activated investigations.

It is working closely with cyber security experts and the relevant authorities, including the Cyber Security Agency of Singapore.

Singtel is also currently conducting an impact assessment "with the utmost urgency to ascertain the nature and extent of data that has been potentially accessed".

Customer information may have been compromised, added Singtel in its statement.

"Our priority is to work directly with customers and stakeholders whose information may have been compromised to keep them supported and help them manage any risks.

We will reach out to them at the earliest opportunity once we identify which files relevant to them were illegally accessed."

Core operations remain unaffected

Singtel, however, has clarified that this is an isolated incident involving a standalone third-party system.

Its core operations remain "unaffected and sound".

Top image from Singtel/YouTube.